Skip to content

chore(deps): Bump the gomod group across 1 directory with 12 updates #1556

chore(deps): Bump the gomod group across 1 directory with 12 updates

chore(deps): Bump the gomod group across 1 directory with 12 updates #1556

Workflow file for this run

name: Integration Pipeline
on:
push:
branches:
- main
pull_request:
jobs:
build:
runs-on: ubuntu-22.04
strategy:
matrix:
goos:
- linux
- darwin
- windows
goarch:
- arm64
- amd64
exclude:
- goarch: arm64
goos: windows
steps:
- name: Checkout commit
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version-file: 'go.mod'
check-latest: true
- name: Build Falcoctl
run: >
go build -ldflags="-s -w" -o falcoctl-${{ matrix.goos }}-${{ matrix.goarch }} .
env:
CGO_ENABLED: 0
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
- name: Create Archives
run: |
cp falcoctl-${{ matrix.goos }}-${{ matrix.goarch }} falcoctl
tar -czvf falcoctl-${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz falcoctl LICENSE
- name: Upload falcoctl artifacts
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: falcoctl-${{ matrix.goos }}-${{ matrix.goarch }}
path: ./falcoctl-${{ matrix.goos }}-${{ matrix.goarch }}
retention-days: 1
- name: Upload falcoctl archives
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: falcoctl-${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz
path: ./falcoctl-${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz
retention-days: 1
docker-configure:
if: ${{ github.event_name == 'push' }}
runs-on: ubuntu-22.04
outputs:
release: ${{ steps.vars.outputs.release }}
commit: ${{ steps.vars.outputs.commit }}
build_date: ${{ steps.vars.outputs.build_date }}
steps:
- name: Set version fields
id: vars
run: |
echo "release=${{ github.sha }}" >> $GITHUB_OUTPUT
echo "commit=${{ github.sha }}" >> $GITHUB_OUTPUT
echo "build_date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
docker-image:
if: ${{ github.event_name == 'push' }}
needs: docker-configure
uses: ./.github/workflows/docker-image.yaml
secrets: inherit
permissions:
contents: read
id-token: write
with:
release: ${{ needs.docker-configure.outputs.release }}
commit: ${{ needs.docker-configure.outputs.commit }}
build_date: ${{ needs.docker-configure.outputs.build_date }}
sign: true
provenance-for-images-docker:
if: ${{ github.event_name == 'push' }}
needs: [docker-configure, docker-image]
permissions:
actions: read # for detecting the Github Actions environment.
id-token: write # for creating OIDC tokens for signing.
packages: write # for uploading attestations.
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
image: docker.io/falcosecurity/falcoctl
# The image digest is used to prevent TOCTOU issues.
# This is an output of the docker/build-push-action
# See: https://github.com/slsa-framework/slsa-verifier#toctou-attacks
digest: ${{ needs.docker-image.outputs.digest }}
secrets:
registry-username: ${{ secrets.DOCKERHUB_USER }}
registry-password: ${{ secrets.DOCKERHUB_SECRET }}
login-to-amazon-ecr:
if: ${{ github.event_name == 'push' }}
runs-on: ubuntu-22.04
permissions:
contents: read
id-token: write
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: arn:aws:iam::292999226676:role/github_actions-falcoctl-ecr
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr-public
uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
with:
registry-type: public
mask-password: 'false'
outputs:
registry: ${{ steps.login-ecr-public.outputs.registry }}
docker_username: ${{ steps.login-ecr-public.outputs.docker_username_public_ecr_aws }}
docker_password: ${{ steps.login-ecr-public.outputs.docker_password_public_ecr_aws }}
provenance-for-images-aws-ecr:
if: ${{ github.event_name == 'push' }}
needs: [docker-configure, docker-image, login-to-amazon-ecr]
permissions:
actions: read # for detecting the Github Actions environment.
id-token: write # for creating OIDC tokens for signing.
packages: write # for uploading attestations.
uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected]
with:
image: public.ecr.aws/falcosecurity/falcoctl
# The image digest is used to prevent TOCTOU issues.
# This is an output of the docker/build-push-action
# See: https://github.com/slsa-framework/slsa-verifier#toctou-attacks
digest: ${{ needs.docker-image.outputs.digest }}
secrets:
registry-username: ${{ needs.login-to-amazon-ecr.outputs.docker_username }}
registry-password: ${{ needs.login-to-amazon-ecr.outputs.docker_password }}
test:
needs: build
runs-on: ubuntu-latest
steps:
- name: Checkout commit
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
with:
go-version-file: 'go.mod'
check-latest: true
- name: Run tests
run: go test -cover ./...